Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

How event management policies work

All event management policies must include the following components:

  • Event selector
  • Process(es)
  • Timeframe(s)
  • Evaluation order

Each event management policy defines selection criteria that is applied to incoming events to determine which events are processed. A timeframe determines when the policy is active or inactive. The evaluation order determines which policies are implemented first if there is a conflict.

In addition to these components, dynamic enrichment policies also require a dynamic enrichment source file, for more information about how dynamic enrichment policies interact with dynamic enrichment source files, see How-dynamic-enrichment-event-management-policies-work.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*